Graphing Internet Interaction To Spot Spammers

Gunkerty Jeb writes "Spammers, it turns out, aren't like everyone else: they have fewer friends. 'Social Graphs for Online Service Security,' a study done by researchers Yinglian Xie and Fang Yu, uses studies of legitimate and malicious social network usage to spot bogus email accounts that are used to push spam, malware, and otherwise malicious links. The researchers are analyzing natural social connections between users on the Web that are difficult for attackers or botnets to replicate. Spotting a spammer isn't hard, they say, when you look at his or her patterns of communication."

Spam emails always have something misspelled

It's like a unwritten rule or something.

Re:Spam emails always have something misspelled

And if it was a written rule, it would be misspelled.

Re:Spam emails always have something misspelled

Odd English also, which makes me wonder why people give them any credence. The porn spam I'm currently receiving has subjects like "main chicks" and "Fascinating ass". What are main chicks, and do we have enough backup chicks in reserve?

On the article though, doesn't it seem kind of obvious?

Re:Spam emails always have something misspelled

[The+Archon+V2.0]

"Fascinating ass" just leaves the image of someone mooning a bar brawl and everyone stopping to stare, transfixed. Or, perhaps, a captivating donkey.

(Sigh.) Oh, Spamusement, how I miss thee.

Spammers, Hackers, Criminals, Felons, Recidivists,

activists, hacktivists, writers, reporters, citizens, the public-at-large, and blah...blah...blah...and ( to quote Kurt Vonnegut) so on and so forth.

In other words, this is another lame attempt by "academics" to use network problems to solve EVERYTHING.

I'd rather be surfing than reading this crap.

Zzzzzzzzz.

Yours In Novosibirsk,
Kilgore Trout, C.I.O

Re:Internet Interaction in my pants

Unfortunately it's too tiny to be detected even by the most sensitive of detectors.

That's because it's not required yet.

[JLennox]

I used to run a 200~400+ user IRC channel on DALnet over a decade ago and we would get spammers in there.

So I made a bot that would rejoin the channel at a set interval and ban anyone who messaged it.

Then they made them detect that it was an op's ip, even though the bot wasn't op. So I started using a different host name.

Then they made it so that the bot used 2 connections, one to send the message and wasn't in the channel, and one to sit in the channel to tell the other connection who to spam. So I made my bot detect the identical hosts.

Then they started using different hosts. So I made it log who has and hasn't talked in the channel and notify me. I'd whois those people and join the other channels they were in waiting to find a common channel getting spammed. I'm assuming if they realized the weak link in the chain was me detecting who has and hasn't talked, they'd of made it say hurf durf randomly.

Once you require the spam bots to have friends, they'll have friends. Your solution is a temporary one.

Re:That's because it's not required yet.

I tought the /. was refering to the actual spammer, they dont have many friends, they are virgins, live at mom house, and they dont have gf.

So maybe the FBI can use these information and search these users and investigate ilegal activities.

Re:That's because it's not required yet.

[rm999]

I work in preventing fraud, and I completely agree with your point. In any kind of maliciousness detection, there will be patterns you can find that will immediately stop a large % of the bad guys. But the bad guys won't retire, they will run to another corner, and you will have to chase them.

That isn't to say it's not worth trying to stop them. Quite the opposite: the more you chase them around, the more robust your system becomes, and the harder it will be for casual bad guys to attack your system.

Re:That's because it's not required yet.

[Nerdos]

This reminds me of a short story by Cory Doctorow (what ever you might think of him) called "I, rowboat". It's mentioned in the story that AI emerged from the arms race between more and more sophisticated spamming and anti-spam software duking it out.

Re:That's because it's not required yet.

[GameboyRMH]

I've had various Slashdot spammers (posting binspam articles to the firehose) friend me, maybe they're more ahead of the curve than we know...

Re:That's because it's not required yet.

I tought the /. was refering to the actual spammer, they dont have many friends, they are virgins, live at mom house, and they dont have gf.

So maybe the FBI can use these information and search these users and investigate ilegal activities.

... this is typical bullying and internet terrorist dreams from Anonymous and Encyclopedia Dramatica.

Slippery slope

[Tsar]

I'm starting to think that a social graph is going to be the 21st century version of the fingerprint, except it will describe WHAT you are rather than WHO you are. Botnet, AI, Muslim, Baptist, college-educated straight Irish-American middle-child female... Who'd like to guess what the total annual budget is already for this kind of research? How much money and manpower would the Department Homeland Security be willing to invest to keep Facebook et al popular with their target audience, so the cheap social graph data keeps flowing?

Re:Slippery slope

The same problem as with MMOs, when you get infinite retries you can get around anything. The solution to spammers is to execute them when caught. Sure that's going to make them try even harder not to get caught, but they won't get to try new tactics every time they fail. And they will stop sharing tactics, 'cause who knows when the person you share with is a cop, eh?

Re:Slippery slope

[Jstlook]

It's called marketing, in one guise. The annual marketing budget in 2008 was roughly 412 billion dollars, as per one site. I highly doubt that takes into consideration the money spent on government uses, such as the Census (14.7 billion dollars), the alphabet soup - FBI, DOD(incl. NSA), CIA, DHS, et cetera (annual budget of 7.9 billion, 664 billion, 44 billion in 2005, 85.2 billion, respectively). I'd feel confident saying that this barely touches the amount of money that is actually thrown at demographics in general. It's interesting to note how large the DHS budget actually is though.

Re:Slippery slope

Your error is a typical beta male error, that I once also fell for:
You are afraid of what people will think of you, even when you are just who you are. Which is deeply, deeply wrong.
And because of that, you act defensive. Which pushes those around you in the dominant offensive role, even when they would just as well take the submissive one (Hint: Most people are the submissive type, and just a few are leaders, otherwise society wouldn't work).
You basically expect them to look down onto you for what you are.
So that's what they will do.
And tadaaa, your prophecy fulfills itself.

I was always ashamed of who I was. At parties, I hid in the corner, etc. But the real me always loved running around barefoot in public. So one day, I decided that I will accept who I am, and not be ashamed, but proud of it. After all I think it's cool.
And surprise, surprise: The first summer I did this, I got into more talks with girls than ever in my life before. And generally people being interested in me.
Even if they didn't think it was cool.
Because I was so confident and secure about it being cool, that I just dragged people in. The girls usually just were interested. And often, they thought I was pretty cool because of it!

Holy shit: I, myself turned something I previously was ashamed of in something cool and attractive!

Honestly, if I were a Muslim, I'd just be this awesome dude that everybody looks up to and girls like. I'd go to Alabama, and make people respect and like me!
It's not hard. Just be confident, interesting, and nice!

It's the very reason those gay parades started. Before they became so incredibly annoying and pestering. ;)

I am not a spammer!

I'm just socially awkward is all...

Re:I am not a spammer!

[That+Guy+From+Mrktng]

Or You can have a personality dissorder that makes you avoid any social interaction, maybe you joined Facebook with the hope of finding some friends and old classmates, but you quickly lose all interest in FB, Your social network fingerprint now depicts you as a Spammer?.

I'm just waiting for the study (duh-science FTF) showing that top criminals are not in Facebook, hence, anybody not in Facebook is a potential criminal.

"You must post at least 3 updates/hour in you FB wall to deserve our Victory Gin, citizen"

Re:I am not a spammer!

[Ihmhi]

1 @M @ F@1R 8IT 5OCI@LLY @WKW@RD MYS3LF, 5O 1 UND3RST@ND. @ND FOR SOM3 R3@SON MY FRI3NDS N3V3R G3T MY 3-MAILS.

Isn't this a lot like Google's PageRank?

[Solandri]

Except applied to email addresses instead of websites? It works great at first. Then the spammers start creating artificial networks between their bots and fake sites/emails, to make them look more like legit sites/email addresses. And soon you need a multi-billion dollar company constantly working to refine it to keep it one step ahead of the spammers.

Friends don't let friend spam?

[ackthpt]

Perhaps another way of looking at it is it, some entrepeneurs are asocial - they don't mind enriching themselves at the expense of others - i.e. I'll sell "Hydrolizing Cream" to you to make money for myself, not minding that the stuff I bottle, label and sell is just a bulk cream containing lanolin and/or glycerin. If you're so stupid to buy it, I'm not going to lose sleep over it.

Not exactly insightful

[kelemvor4]

"Spammers, it turns out, aren't like everyone else: they have fewer friends.

Spammers are assholes, assholes don't have as many friends as non assholes. It wasn't that hard to put together.

According to Microsoft researchers

[fatphil]

Spam will be a thing of the past in two years' time.
        * BBC News (24 January 2004)

Re:According to Microsoft researchers

Well of course, it will go away by itself when this internet fad passes.

Re:According to Microsoft researchers

[jellomizer]

With Google g-mail and many other "Cloud" based email servers Spam isn't nearly as much of a problem as it was back in 2004. Sure they are still spammer but the stuff really gets filtered away into the Spam bucket very well now. The biggest Spam gettters are people who think they should host their own email server because they figure they can do it much better then Google.

Re:According to Microsoft researchers

I know. They are a thing of thfoot massage centrale past, we shoulnd't be worrying about it anBuy Hangover 2 DVDymore, now that us humans are smabuy rift platinumrt enough to not fall for their traps.

Unless i'm of coGet Your University of Phoenix Degree Onlineurse, wrong and that we're headed toward a idiocracy benefitting these con artiVIZAGRAsts.

Chain emails?

[psithurism]

Don't you think this might incorrectly flag people who send out lots of chain emails to all their friends?

I, for one, hope so.

Re:Chain emails?

I sincerely hope so! I got tired of responding with the obligatory snopes links, but thankfully people took me off the "inspirational" and scare story mailing lists.

Re:Chain emails?

[140Mandak262Jamuna]

Don't you think this might incorrectly flag people who send out lots of chain emails to all their friends?

I, for one, hope so.

My! you talk as though that is a bad thing!

Re:Chain emails?

Funny how the people who used to do that to me, you know not checking their facts, were all right-wing fundamentalist-republi-tarians-faux-news watchers.

Re:Chain emails?

[_0xd0ad]

Your ideas interest me and I would like to subscribe to your newsletter...

(so I can forward it to all my friends)

Stop fucking buying from them

[ronmon]

Is it really that big of a mystery?

Re:Stop fucking buying from them

[GameboyRMH]

I'd like to know who buys from spammers. I know old grannies fall for 419s but WHO BUYS FROM SPAMMERS!?

Re:Stop fucking buying from them

The idiots who pay spammers aren't end customers who buy products. They're the gullible people who see spam as an advertising technique.

How

[h4x0t]

does one get the data to label them "spammer" or not?


Side note: I thought title said Graphene - Internet Interaction and my head started spinning.

Plz mod me down.

[140Mandak262Jamuna]

Responded without reading the posting in full. Running away shamefacedly.

Spam is ironic...

[Paul+Fernhout]

...because email is a tool of creating abundance (a better world), but spammers are still caught up with fighting over scarcity, and so they damage the system (email) that coudl bring material and social abundance to all (even the spammers).

no shit

[deyknow]

no shit

Former DALNET #Windows95 admin + question

I used to moderate on DALNET's then "Official Help Channel for Windows users", circa 1995-2000, in #Windows95 (yes, we did all forms of Windows, I never liked the name) - in fact, K. Mardem Bey, creator of MIRC endorsed our channel as such!

Me? I miss Dalnet & IRC actually!

(This part though? I liked & didn't like... mixed bag: The #Linux channel used to hassle us & do floodbots etc. to us, & in turn, we did the same to they - might sound stupid, but, it teaches you things "IP", @ least if you didn't want to be taken "TOTAL" advantage of... & not easier things like watching out for DCC etc.)

Heh, checked my bookmarks, & I posted this very thing pretty much the same, back in 2005 here:

http://developers.slashdot.org/comments.pl?sid=167071&cid=13931198

Your bot design now!

Sounds like it was designed to stop Dr. Bardo's FLOODBOT (remember THAT one?) in fact... cool beans that (your defensive system - good for KLINE too, I imagine possibly?)!

Anyhow - That was a NASTY damned thing FloodBot (other ways to stall it was just pull a whois on the attacker & block them by IP address, iirc).

Been more than 11++ yrs. since I did IRC though - I might be RUSTY on some of the terms used above...

QUESTION:

I just got a 64-bit Windows client for it though recently, TurboIRC64 (any thoughts or suggestions for another 64-bit IRC tool? Thanks!).

* E.G.-> Has MIRC gone 64-bit yet? I liked MIRC, & PIRCH in the 32-bit days is why...

APK

P.S.=> Like I said, & you definitely also said? IRC is a great place to learn about networking... too bad it "degenerated" into a haven for botnet masters & such from what I heard of it over the years since I was there (circa 1995-2001)... sometimes? I miss the place. If anything it definitely helped "up my typing speed" too (well into 110++ range nowadays, coding helps too + posting on /. of course etc.), & taught me much about networking also back in those days when I was SOLELY into coding only (that's not enough imo - to be a truly proficient computer-man? You must master ALL facets of it, coding AND networking imo!))

... apk

Re:Former DALNET #Windows95 admin + question

Freenode's still cool for open-source stuff, and there are networks/channels out there with a genuine sense of community. I know a couple, but won't name them for fear of slashdotting them and/or exposing them to spambots. As for a client, 64-bit isn't all that important right now for Windows applications, since Win32 applications work fine on Win64. This includes mIRC.

APK is a spammer

Ban him please.

Re:APK is a spammer

what's your problem?

What problem?

Who said anything about a problem?

Re:What problem?

Why'd you post that then? It's not on topic. If you are a troll and don't answer a simple question, I don't have time for you.

Re:What problem?

This article is about spotting trolls. I spotted one. That's on-topic. And also on-topic, with regards to trolls not having many friends - although he likes to claim he has friends - in fact the people who claim to have known him in real life claim he's just as obsessive and unpleasant in real life as he is online (e.g. by stalking gmhowell, tomhudson, damn_registrars, countertrolling, and I'm not sure how many more - talk about off-topic).

(For the uninitiated - APK - The "Ultimate" Collection - it's pretty obvious why he's so hated by pretty much everyone who's had any sort of encounter with him. It's also a hilarious read, if you're not too busy.)

Oh - and as to your "simple question". I answered it. You asked what my problem was. I don't have a problem; I merely wanted to state a relevant fact.

Same experience here (what type of fraud?)

"But the bad guys won't retire, they will run to another corner, and you will have to chase them." - by rm999 (775449) on Wednesday June 22, @02:55PM (#36532930)

I agree, & I've been there with "bad guys" online, albeit on the receiving end of their "machinations"

(I.E.-> Impersonating myself, email harasssing me, libeling me, & worse in death threats (this blew me away, forced me to call law enforcement in fact)).

Folks @ their hosting providers (CrystalTech.com & Shaw Canada iirc) told me the same thing you have stated in fact:

I.E.-> "Yes, we took care of them & removed said data and site entirely, but they're just going to go someplace else and do it again"

(Jeremy Reimer of Arstechnica & his friend Jay Little in fact)

* You're 110% correct!

Perhaps this isn't the "exact same scenario" as being discussed here, but... the point's there you made, & again, I agree.

(I'd ask what type of fraud, but perhaps, you're not @ liberty to discuss it or don't wish to, which is cool also - I respect that much!)

APK

P.S.=> From your "pov" though? It's got to be great job security @ least (looking @ the 'bright side' & all that here), a real O(n) "Big O" type problem that pays off for some folks @ least, which is good!

... apk

Thanks for the reply & I get your point but...

This might sound weird, but I am trying to make my system "all 64-bit" as much as possible is all (yes, overly-geeky perhaps, but, there you are, lol).

E.G.-> I think Opera's great, Chrome too... but why haven't they done a 64-bit port for example? I use them, but, still in 32-bit form (still great though, no questions asked).

Also, I haven't heard of "freenode" before... is that an IRC circuit of some sort?

You're right as well: In fact? THAT'S THE THING I MISS MOST actually - the literal sense of community (I couldn't 'put a finger on it'... so, thanks for reminding me of what I miss most about it in fact!).

I mean, once things got rolling & you knew folks? If they were in say, the same state?? You had parties with them, even met chicks (the really COOL part, lol) & made pals... I met folks there I'd call my friends anytime, to this day in fact!

APK

Desperation to justify the Social Graph

[water-and-sewer]

For a long time now there's been speculation that "getting" someon'es social graph will be valuable. In practice it hasn't yet played out. The value of IPOs like Facebook is largely based on the suspicion that having all that information on how people network will be valuable. This looks like an attempt to prove the info can be valuable. But they haven't exactly done an overwhelming job of convincing us, if this is the best they can do.

Re:Thanks for the reply & I get your point but

[Bengie]

"Opera's great, Chrome too... but why haven't they done a 64-bit port for example?"

All of the plug-ins must be ported to 64bit also as a 64bit app can't link to a 32bit DLL. Adobe is dragging it's feet on Flash-64bit. I'm sure there are others.

Yes, CORRECT (very good Bengie)

Mod Bengie up someone - "TIA"

(I don't have an account here, someone else owns APK (andy k) & I won't settle for anything else... lol, thus no mod points here)...

Again, you're right man:

It's also one of the things pissing me off using FireFox "Nightly" build in fact...

I.E.-> I can't get an updated 64-bit plugin for FLASH!!!

See - I like doing YouTube is why, & there's been so many "hacks/cracks/attacks" on Flash, I can't take the chance (yes, even on YouTube).

I have updated to the "latest/greatest" for:

IE9 32 & 64 bit in Windows 7

Chomium (what I use actually, not Chrome) doesn't have one afaik or has one built in (not "expert"on Chrome/Chromium here, just started using it is why, & asked questions recently on it from users of it on this forums)

Opera 11.11 latest has one, I have it in place.

* Great point man... seriously!

APK

P.S.=> You can always learn things on forums, no matter how "good" you may *think* you are... complex field, lots to overlook, or just learn in the 1st place! Thanks... apk

Another blatant lie from APK...

APK has at least three registered accounts here on slashdot - he's admitted to preferring to post anonymously because (a) he can bypass the postcount filter and (b) he can't be moderated down to any effect since as an Anonymous Coward he always posts at the default 0 score instead of the -1 that he quickly reached due to the down-mods on all his trollish posts.

Just more of the same old lies from APK, as usual.